Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)
Summary
A vulnerability has been discovered in Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) versions prior to 5.8. This flaw could allow an attacker to execute arbitrary code and cause a denial-of-service condition. Siemens has released a patch and recommends updating to the latest version.
IFF Assessment
The vulnerability allows for arbitrary code execution and denial of service, posing a direct threat to the availability and integrity of critical infrastructure systems.
Severity
The CVSS v3 score of 7.7 indicates high severity. The vector string implies that the vulnerability is network-exploitable and can lead to significant impacts on confidentiality, integrity, and availability.
Defender Context
This vulnerability impacts critical manufacturing sectors, and the affected product is deployed worldwide, highlighting the broad risk to industrial control systems. Defenders should prioritize patching affected Siemens RUGGEDCOM SAC devices and monitor for any signs of exploitation related to numeric truncation errors.